#!/bin/bash
#功能：密码复杂度，修改文件/etc/pam.d/common-password实现
#password requisite pam_cracklib.so
#retry=5			重试5次数
#minlen=8			密码长度最少8位
#difok=3 			新密码必须与旧密码有3位不同
#ucredit=-1 		大写字母1个
#lcredit=-2 		小写字母2个
#dcredit=-2 		数字2个
#ocredit=-2			特殊字符2个


PWD_CONF='password requisite pam_cracklib.so retry=5 minlen=8 difok=3 ucredit=-1 lcredit=-2 dcredit=-2 ocredita=-2'
###################################################################################
#SH
SHPATH=`readlink -f $0`
SHDIR=`dirname $SHPATH`
SHNAME="$0"

#DIR
LOG_DIR=$SHDIR/logs/$SHNAME
TMP_DIR=$SHDIR/temp/$SHNAME
mkdir -p $LOG_DIR $TMP_DIR

FILE='
/etc/pam.d/common-password
/etc/pam.d/system-auth
'

#



for i in `echo $FILE`
do

	if [ ! -f "$i" ];then continue;fi
	if [ ! -f "$i.init.bak" ];then cp $i $i.init.bak;fi


	echo "正在修改 $i"
	seq `cat $i|wc -l `|xargs -n1 > $TMP_DIR/num.txt
	paste $i $TMP_DIR/num.txt|grep ^password|awk  '$2=="requisite" {print }'| awk  '$3=="pam_cracklib.so" {print }'   > $TMP_DIR/stat.txt
	if [ -z "`cat $TMP_DIR/stat.txt`" ];then
	echo "$PWD_CONF" >> $i
	else
	NUM=`cat $TMP_DIR/stat.txt|awk '{print $NF}'`
	for ii in `echo $NUM`;do sed -i " ${ii}c $PWD_CONF" $i;done
	fi 
	cat $i |grep ^password|awk  '$2=="requisite" {print }'| awk  '$3=="pam_cracklib.so" {print }' 
done











